OASIS Mailing List Archives

security-services message



Subject: Re: [security-services] Tech overview: Why the switch to common TLD's in example?


I agree with Rob that it was misleading to use addresses that shared a 
second level domain AND top level domain. (furthermore, were we even 
using the 'example' correctly as RFC2606 would have the .example as the 
TLD and not second level?)

I do however think we miss an opportunity to (subtly) demonstrate 
SAML's global reach if we use .com for TLD without exception, i.e. let's 
see some .ca, .uk, .jp, etc.

Rob, you think  cars.example.ca  and  airlines.example.com.uk  would 
still be misleading?

paul

Tom Scavo wrote:
> Sorry if I was unclear, Rob.  I was agreeing with Paul and Eve that
> cars.example.net and airline.example.com were adequate.  Using
> *.example.* guarantees that there is no clash with an actual TLD.
> Moreover, I don't think the examples you gave earlier are any more
> usable than cars.example.net and airline.example.com.
>
> Just my two cents worth,
> Tom
>
> On 2/14/07, Philpott, Robert <rphilpott@rsasecurity.com> wrote:
>> As I said, I agree that it "works". However, I think we fail to convey
>> some of the understanding of how it works by using the same TLD.  Lots
>> of non-SAML SSO products can do SSO within the same TLD's by writing a
>> cookie in the common domain (not to be confused with the Common Domain
>> Cookie in IDP discovery).  As I said, the real power is doing
>> CROSS-DOMAIN SSO and using "example.com" hides the fact that we're doing
>> it cross-domain.
>>
>> Rob Philpott
>> Senior Technologist
>> RSA, The Security Division of EMC
>> Tel: 781-515-7115
>> Mobile: 617-510-0893
>> Fax: 781-515-7020
>> Email: rphilpott@rsasecurity.com
>>
>>
>> > -----Original Message-----
>> > From: Tom Scavo [mailto:trscavo@gmail.com]
>> > Sent: Wednesday, February 14, 2007 3:06 PM
>> > To: Philpott, Robert
>> > Cc: Paul Madsen; security-services@lists.oasis-open.org
>> > Subject: Re: [security-services] Tech overview: Why the switch to common
>> > TLD's in example?
>> >
>> > I think using *.example.* is okay.  There might be a small problem
>> > with usability but that's outweighed by the following RFC:
>> >
>> > http://www.faqs.org/rfcs/rfc2606.html
>> >
>> > Just my two cents worth,
>> > Tom
>> >
>> > On 2/14/07, Philpott, Robert <rphilpott@rsasecurity.com> wrote:
>> > > I'm okay with avoiding collisions.  But using .net and .com is too
>> > > subtle IMO.  I would have completely missed it myself and would prefer
>> > > sticking to .coms.
>> > >
>> > > What about something like fakeairline.com and fakecarrental.com or
>> > > exampleair.com and examplecars.com?
>> > >
>> > > Rob Philpott
>> > > Senior Technologist
>> > > RSA, The Security Division of EMC
>> > > Tel: 781-515-7115
>> > > Mobile: 617-510-0893
>> > > Fax: 781-515-7020
>> > > Email: rphilpott@rsasecurity.com
>> > >
>> > >
>> > > > -----Original Message-----
>> > > > From: Paul Madsen [mailto:paulmadsen@rogers.com]
>> > > > Sent: Wednesday, February 14, 2007 2:34 PM
>> > > > To: Philpott, Robert
>> > > > Cc: security-services@lists.oasis-open.org
>> > > > Subject: Re: [security-services] Tech overview: Why the switch to common
>> > > > TLD's in example?
>> > > >
>> > > > Hi Rob, the change was motivated by concerns over collisions, i.e.
>> > > > http://www.airlineinc.com/
>> > > >
>> > > > We could go to cars.example.net and airline.example.com to avoid your
>> > > > concern (I think Eve actually had implemented this but I must have
>> > > > switched from 'net' to 'com' to avoid changing existing graphics)
>> > > >
>> > > > paul
>> > > >
>> > > > Philpott, Robert wrote:
>> > > > > Sorry if I missed some explicit discussion on this, but I noticed in
>> > > > > this draft, the example web site names were changed.  "AirlineInc.com"
>> > > > > was changed to "airline.example.com" and "CarRentalInc.com" was changed
>> > > > > to "cars.example.com".  I don't think this was a good change to make.
>> > > > >
>> > > > > The new example sites are now sharing the same top-level domain name
>> > > > > "example.com".  While it's true that SAML will work in such an
>> > > > > environment, it is not a requirement that sites share the same TLD and
>> > > > > we may mislead/confuse readers.  The real power is our ability to SSO
>> > > > > across systems in *different* TLD's.
>> > > > >
>> > > > > I recommend switching back to unique TLD's.
>> > > > >
>> > > > > Rob Philpott
>> > > > > Senior Technologist
>> > > > > RSA, The Security Division of EMC
>> > > > > Tel: 781-515-7115
>> > > > > Mobile: 617-510-0893
>> > > > > Fax: 781-515-7020
>> > > > > Email: rphilpott@rsasecurity.com
>> > > > >
>> > > > >
>> > > > >
>> > > > >> -----Original Message-----
>> > > > >> From: paulmadsen@ntt-at.com [mailto:paulmadsen@ntt-at.com]
>> > > > >> Sent: Wednesday, February 14, 2007 2:04 PM
>> > > > >> To: security-services@lists.oasis-open.org
>> > > > >> Subject: [security-services] Groups - sstc-saml-tech-overview-2 0-draft-12.pdf uploaded
>> > > > >>
>> > > > >> The document revision named sstc-saml-tech-overview-2 0-draft-12.pdf has
>> > > > >> been submitted by Paul Madsen to the OASIS Security Services (SAML) TC
>> > > > >> document repository.  This document is revision #1 of
>> > > > >> sstc-saml-tech-overview-2 0-draft-11.pdf.
>> > > > >>
>> > > > >> Document Description:
>> > > > >> Applied most of the edits requested at the 10 Oct 2006 SSTC telecon. More
>> > > > >> to come.
>> > > > >>
>> > > > >> View Document Details:
>> > > > >> http://www.oasis-open.org/apps/org/workgroup/security/document.php?document_id=22454
>> > > > >>
>> > > > >> Download Document:
>> > > > >> http://www.oasis-open.org/apps/org/workgroup/security/download.php/22454/sstc-saml-tech-overview-2%200-draft-12.pdf
>> > > > >>
>> > > > >> Revision:
>> > > > >> This document is revision #1 of sstc-saml-tech-overview-2 0-draft-11.pdf.
>> > > > >>
>> > > > >> The document details page referenced above will show the complete revision
>> > > > >> history.
>> > > > >>
>> > > > >>
>> > > > >> PLEASE NOTE:  If the above links do not work for you, your email
>> > > > >> application may be breaking the link into two pieces.  You may be able to
>> > > > >> copy and paste the entire link address into the address field of your web
>> > > > >> browser.
>> > > > >>
>> > > > >> -OASIS Open Administration
>> > > > >>
>> > > > >
>> > > > >
>> > > >
>> > > > --
>> > > > Paul Madsen             e:paulmadsen @ ntt-at.com
>> > > > NTT                     p:613-482-0432
>> > > >                         m:613-302-1428
>> > > >                         aim:PaulMdsn5
>> > > >                         web:connectid.blogspot.com
>> > > >
>> > >
>> > >
>>
>

-- 
Paul Madsen             e:paulmadsen @ ntt-at.com
NTT                     p:613-482-0432
                        m:613-302-1428
                        aim:PaulMdsn5
                        web:connectid.blogspot.com 
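
An added example, not part of the thread or of the SAML Technical Overview: it checks the site-name pairs proposed above against the names RFC 2606 reserves (the TLDs .test, .example, .invalid, .localhost and the second-level names example.com, example.net, example.org) and reports whether each pair shares a parent domain where a common cookie could be set. The function names and the "two or more shared labels" cookie rule are assumptions of this sketch; browsers decide cookie scope with the Public Suffix List.

```python
# Added illustration; the host names are the candidates discussed in the thread.
RESERVED_TLDS = {"test", "example", "invalid", "localhost"}    # RFC 2606, section 2
RESERVED_SLDS = {"example.com", "example.net", "example.org"}  # RFC 2606, section 3


def labels(host):
    """Lower-case DNS labels of a host name, ignoring a trailing root dot."""
    return host.lower().rstrip(".").split(".")


def rfc2606_reserved(host):
    """True if host falls under a name RFC 2606 sets aside for examples/testing."""
    parts = labels(host)
    if parts[-1] in RESERVED_TLDS:
        return True
    return len(parts) >= 2 and ".".join(parts[-2:]) in RESERVED_SLDS


def common_parent(host_a, host_b):
    """Longest DNS suffix shared by both hosts ('' if they share none)."""
    shared = []
    for a, b in zip(reversed(labels(host_a)), reversed(labels(host_b))):
        if a != b:
            break
        shared.append(a)
    return ".".join(reversed(shared))


def could_share_cookie(host_a, host_b):
    """Assumed simplification: a shared parent of two or more labels could carry
    a Domain= cookie both sites receive. The Public Suffix List is not consulted."""
    return common_parent(host_a, host_b).count(".") >= 1


def review(pairs):
    """Return (pair, both names reserved?, common-domain cookie possible?)."""
    return [(pair, all(rfc2606_reserved(h) for h in pair), could_share_cookie(*pair))
            for pair in pairs]


CANDIDATES = [
    ("airline.example.com", "cars.example.com"),
    ("airline.example.com", "cars.example.net"),
    ("fakeairline.com", "fakecarrental.com"),
    ("cars.example.ca", "airlines.example.com.uk"),
    ("AirlineInc.com", "CarRentalInc.com"),
]

if __name__ == "__main__":
    for pair, reserved, cookie in review(CANDIDATES):
        print(pair, "| RFC 2606 reserved:", reserved, "| shared cookie domain:", cookie)
```

On these inputs only airline.example.com / cars.example.com shares a parent domain, and the example.ca and example.com.uk names fall outside the RFC 2606 reservations.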



